Skip to main content

CWE-834

Excessive Iteration

79 CVEs Avg CVSS 6.5 MITRE
0
CRITICAL
28
HIGH
51
MEDIUM
0
LOW
14
POC
0
KEV

Monthly

CVE-2026-48156 PyPI MEDIUM PATCH GHSA This Month

Denial-of-service via algorithmic complexity in pypdf before 6.12.0 allows an attacker who can supply a crafted PDF file to cause excessive processing time during cross-reference stream parsing. The vulnerability is triggered by crafting a PDF with /W [0 0 0] field values in a cross-reference stream combined with a large /Size value, which causes the library to perform unbounded iteration over zero-byte entries. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, any application that processes untrusted PDF input using pypdf is exposed.

Information Disclosure Python Suse Red Hat
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-41313 PyPI MEDIUM PATCH This Month

Denial of service via algorithmic complexity in pypdf versions prior to 6.10.2 allows local attackers to cause long runtimes by crafting a PDF with an excessively large trailer /Size value when loaded in incremental mode. The vulnerability requires user interaction to load the malicious PDF and results in availability degradation rather than data compromise. Patch version 6.10.2 is available from the vendor.

Information Disclosure Python Red Hat Suse
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-41168 PyPI MEDIUM PATCH This Month

Denial of service in pypdf prior to version 6.10.1 allows remote attackers to craft malicious PDF files with oversized cross-reference stream `/Size` values or object stream `/N` values, causing excessive processing time and long runtimes. No authentication is required; the vulnerability is triggered by parsing a specially crafted PDF file. Patch version 6.10.1 is available from the vendor.

Information Disclosure Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-27025 PyPI MEDIUM PATCH This Month

Resource exhaustion in pypdf versions prior to 6.7.1 occurs when processing maliciously crafted PDF files with manipulated /ToUnicode font entries, causing excessive memory consumption and processing delays during text extraction operations. A local attacker with file access can exploit this to degrade system performance, though no code execution or data compromise is possible. The vulnerability affects Python environments using pypdf and is remedied by upgrading to version 6.7.1 or later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55181 MEDIUM PATCH This Month

CVE-2025-55181 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Denial Of Service Proxygen
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-56571 npm HIGH This Week

Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Finance Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-4227 HIGH This Month

In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-8049 MEDIUM This Month

In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telerik Document Processing Libraries
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-42237 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-42071 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ionic: use dev_consume_skb_any outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Denial-of-service via algorithmic complexity in pypdf before 6.12.0 allows an attacker who can supply a crafted PDF file to cause excessive processing time during cross-reference stream parsing. The vulnerability is triggered by crafting a PDF with /W [0 0 0] field values in a cross-reference stream combined with a large /Size value, which causes the library to perform unbounded iteration over zero-byte entries. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, any application that processes untrusted PDF input using pypdf is exposed.

Information Disclosure Python Suse +1
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Denial of service via algorithmic complexity in pypdf versions prior to 6.10.2 allows local attackers to cause long runtimes by crafting a PDF with an excessively large trailer /Size value when loaded in incremental mode. The vulnerability requires user interaction to load the malicious PDF and results in availability degradation rather than data compromise. Patch version 6.10.2 is available from the vendor.

Information Disclosure Python Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in pypdf prior to version 6.10.1 allows remote attackers to craft malicious PDF files with oversized cross-reference stream `/Size` values or object stream `/N` values, causing excessive processing time and long runtimes. No authentication is required; the vulnerability is triggered by parsing a specially crafted PDF file. Patch version 6.10.1 is available from the vendor.

Information Disclosure Python Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Resource exhaustion in pypdf versions prior to 6.7.1 occurs when processing maliciously crafted PDF files with manipulated /ToUnicode font entries, causing excessive memory consumption and processing delays during text extraction operations. A local attacker with file access can exploit this to degrade system performance, though no code execution or data compromise is possible. The vulnerability affects Python environments using pypdf and is remedied by upgrading to version 6.7.1 or later.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CVE-2025-55181 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Denial Of Service Proxygen
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Finance Js
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Month

In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telerik Document Processing Libraries
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ionic: use dev_consume_skb_any outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy